Privacy advocates are calling on officials at the U.S. Capitol to ensure that lawmakers and staff members have secure communications technology.
The effort is part of a push to get the entire U.S. government to use encryption to protect calls, texts and e-mails.
Protecting Congressional communications from “all interception—whether by foreign governments, criminals, or even other branches of the U.S. government or rogue Congressional staffers” would promote both personal privacy and national security, the American Civil Liberties Union said in a letter Tuesday to security officials in the House and Senate.
The letter to Frank J. Larkin, Senate Sergeant at Arms, and to Paul D. Irving, House Sergeant at Arms, comes as U.S. tech companies are starting to offer strong encryption on their devices and applications, and amid heightened concern about computer intrusions by foreign governments and criminals.
In recent years, Congressional Web sites have been hacked and several lawmakers have disclosed that their personal office computers have been hacked by China-based intruders.
Last year, the CIA inspector general concluded that CIA personnel had improperly accessed Senate computers used by Senate Intelligence Committee staff during the panel’s multi-year investigation of the agency’s interrogation program.
And earlier this year, the Obama administration disclosed that more than 22 million current and former federal employees, contractors and their families had their data compromised in two major breaches of Office of Personnel Management computers. The intrusions were carried out by the Chinese government, which is building giant databases of information on Americans for intelligence purposes, officials have said.
Although members of Congress and their staff in general did not have their personal information in the databases, the incident underscored how challenged the U.S. government is in locking down sensitive databases.
“One key lesson is that secure communications facilities preserve effective checks and balances in constitutional government, and insecure facilities threaten them,” said ACLU chief of staff Michael W. Macleod-Ball, legislative counsel Gabe Rottman and principal technologist Christopher Soghoian in their letter.
The ACLU pointed out that U.S. cell phone networks are insecure, as security flaws can be exploited by foreign governments and sophisticated criminals to intercept phone calls, text messages and location data.
“The people in Congress are not on the whole very security-conscious,” said Joel Brenner, a former top counterintelligence official for the U.S. government, and a former inspector general at the National Security Agency. “So the likelihood of intrusions through carelessness on the part of members and staff is very high.”
President Obama noted last year that “the intelligence services of other countries . . . are constantly probing our government and private sector networks and accelerating programs to listen to our conversations.”
Said Brenner: “It would be astounding if it weren’t the case that capable foreign governments were not targeting key members of Congress.”
Earlier this year, the White House issued a directive requiring all public federal Web sites to use secure encrypted connections. Also, this year, the ACLU wrote a letter urging that whistleblower phone hotlines and the State Department’s terrorist tipline be encrypted.
It is possible to deliver secure communications over an insecure network, the ACLU said in its letter. “In much the same way that Bank of America and Google can deliver their Web sites securely to customers using insecure public wi-fi networks, so too, can smartphone apps protect the audio and text communications of their users — by using strong encryption that provides security even when the underlying cellular network remains vulnerable to interception,” the letter said.
Providing encrypted communications tools to members of Congress should not be difficult, the privacy advocates said. Encrypted communications apps such as Open Whisper Systems’ Signal and Facebook’s WhatsApp are free and can be easily downloaded from the major app stores, the advocates said.
“Congress must be able to conduct its business in a secure fashion” in order to exercise its oversight role free from interference by other elements of the government and by “bad actors” outside government, the letter said.
The OPM hack and the Senate Intelligence Committee’s experience “lay bare the need to better protect Congress’ oversight function by guaranteeing the integrity of its communications,” it said.